Assigning password reset authority
Password reset authority authorizes people or applications to reset passwords and to specify ID download counts.

Perform the following steps:

1. Ensure that you have the following access:

2. Open the Domino Administrator tool panel used to specify password reset authority. Use any of the following methods:

3. To assign password reset authority, perform the steps that correspond to the type of authority you are assigning.

Type of password reset authority | Steps | Comments
Authority for help desk personnel to reset user passwords through the Domino Administrator
  1. In the right box, select the organization or organizational unit of users whose passwords will be reset.
  2. In one of the left boxes, select the name of a user, group, or organizational unit who will be allowed to reset the passwords of users in the organization highlighted in the right box.
  3. Click "Add" to give the user, group, or organizational unit password reset authority for the organization or organizational unit highlighted in the right box. Or click "Add To All" to give the user, group, or organizational unit password reset authority for all organizations listed in the right box.
  4. Repeat steps 1 through 3 as necessary.
  • Selecting a group creates individual Password Reset Certificates for each current member. Future changes in group membership do not cause corresponding changes to Password Reset Certificates.
Authority for an agent password reset application
  1. In the right box, select the organization or organizational unit of the users whose passwords will be reset.
  2. In the top left box, select the name of the user that has signed (or will sign) the application agent.
  3. Click "Add" to give the selected agent signer password reset authority for the organization or organizational unit highlighted in the right box.
  4. Keep the agent signer name highlighted in the right box and select "Self-service password reset authority."
  5. In the top left box, select the name of a server or group of servers on which you will deploy the application.
  6. Click "Add" to give the selected server or server group password reset authority for the organization or organizational unit highlighted in the right box.
  7. Repeat steps as necessary.
  • The Server document of each authorized server must give the agent signer "Sign or run restricted LotusScript/Java agents." A server does not have to have a replica of the vault.
  • To sign the agent, from Domino Designer, switch to the user ID that has or will have password reset authority, click Code - Agents and double-click, select the agent, and then click "Sign."
  • If you select a server group name, a Password Reset Certificate is issued to each server that is currently a member of the group. Future changes in group membership do not cause corresponding changes to Password Reset Certificates.
  • Select "Self-service password reset authority" for the agent signer even if the users of the application are help desk personnel who will reset passwords for users.
Authority for a non-agent password reset application
  1. In the right box, select an organization or organizational unit of users whose passwords will be reset.
  2. In the top left box, select the name of a user or server under which the application is authorized to run.
  3. Click "Add" to give the selected user or server name password reset authority for the organization or organizational unit highlighted on the right.
  4. If you added a user name, keep the user name highlighted on the right, and select "Self-service password reset authority."
  5. Repeat steps as necessary.
  • Select "Self-service password reset authority" for a user name even if the users of the application are help desk personnel who will reset passwords for users.
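
Because Password Reset Certificates are issued only to the members a group has at the moment it is selected, group membership and actual reset authority can drift apart over time. The following Python script is an added example, not part of the product or its documentation: it compares a record of names holding authority for an organization against the group's current members. It assumes you maintain that record yourself and can list current group members; the function names and all sample data are constructed.

```python
"""Audit drift between a group's current members and the names that hold
password reset authority for an organization (added example, constructed data)."""

LABELS = {"CN", "OU", "O", "C"}

def canonical(name):
    """Reduce a hierarchical name to abbreviated lowercase form so that
    'CN=Jane Doe/OU=Sales/O=Acme' and 'Jane Doe/Sales/Acme' compare equal."""
    parts = []
    for comp in name.strip().strip("/").split("/"):
        label, sep, value = comp.partition("=")
        if sep and label.strip().upper() in LABELS:
            comp = value
        parts.append(" ".join(comp.split()).lower())
    return "/".join(parts)

def audit_group_drift(grants, group_members, org):
    """grants: (holder_name, organization_or_OU) pairs from your own record.
    group_members: names currently in the group that was selected.
    Returns holders for `org` no longer in the group ('stale') and current
    members with no authority for `org` ('missing'). 'stale' entries need
    review, not automatic removal: a name may have been added individually."""
    target = canonical(org)
    holders = {canonical(h): h for h, scope in grants if canonical(scope) == target}
    members = {canonical(m): m for m in group_members}
    return {
        "stale": sorted(holders[k] for k in holders.keys() - members.keys()),
        "missing": sorted(members[k] for k in members.keys() - holders.keys()),
    }

# Constructed sample: authority recorded when the help desk group was selected.
GRANTS = [
    ("CN=Ana Ruiz/OU=HelpDesk/O=Acme", "/Sales/Acme"),
    ("CN=Bo Chen/OU=HelpDesk/O=Acme", "/Sales/Acme"),
    ("CN=Bo Chen/OU=HelpDesk/O=Acme", "/Acme"),
    ("CN=Dee Park/OU=HelpDesk/O=Acme", "/Acme"),
]
# Constructed sample: the group's membership today (Bo left, Cy joined).
GROUP_NOW = ["Ana Ruiz/HelpDesk/Acme", "Cy Okoro/HelpDesk/Acme"]

if __name__ == "__main__":
    for org in ("/Sales/Acme", "/Acme"):
        result = audit_group_drift(GRANTS, GROUP_NOW, org)
        print(org, "stale:", result["stale"], "missing:", result["missing"])
```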